MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 10dc426ff5e7068891ee832a07f62ee7ca16b3f69972527cd9c743e3f37ae230. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Quakbot
Vendor detections: 7
| SHA256 hash: | 10dc426ff5e7068891ee832a07f62ee7ca16b3f69972527cd9c743e3f37ae230 |
|---|---|
| SHA3-384 hash: | e66c94f798cffd7f9a5a72032112a846514e001f488f0ffd0b901e3254bcd3a7ab86b0ed757cbbafabf31ed5e1adbe07 |
| SHA1 hash: | aaa9ac0cf9b2d53f10b8d31cb3c4ab0632331aa3 |
| MD5 hash: | 95820d2c2b6fd92a3d41becb364fb5d7 |
| humanhash: | louisiana-video-helium-uncle |
| File name: | besta.ocx |
| Signature | Quakbot |
| File size: | 3'393'979 bytes |
| First seen: | 2021-12-03 18:29:23 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 8b19210b7f518d4bf95111e66512866a (2 x Quakbot) |
| ssdeep | 98304:ZB8BOjkSSPvguCeY/1r5dtXCfPBrEc0kAerr7nI+O6IY9O9oCmydIgl3sjX2IpJP:HkSSHguCeY/1r5dtXC3Boc0kAerr7Izw |
| Threatray | 412 similar samples on MalwareBazaar |
| TLSH | T16AF53AF179DE613CD4E76177CE22E6119458585BCFFB0ACB018626B5C23C6C3E92A272 |
| File icon (PE): | |
| dhash icon | ec6ae6e67afc2008 (2 x Quakbot, 1 x SnakeKeylogger) |
| Reporter | |
| Tags: | dll exe ocx Qakbot qbot Quakbot tr |
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 639 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Malware family: | n/a |
|---|---|
| ID: | 1 |
| File name: | besta.ocx |
| Verdict: | No threats detected |
| Analysis date: | 2021-12-03 18:30:17 UTC |
| Tags: | n/a |
| Note: | ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample |
| Detection: | n/a |
Detection(s):
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
DNS request
Creating synchronization primitives
Launching a process
Modifying an executable file
Searching for synchronization primitives
Creating a process with a hidden window
Creating a window
Sending a custom TCP request
Unauthorized injection to a system process
Result
| Malware family: | n/a |
|---|---|
| Score: | 5/10 |
| Tags: | n/a |
| Verdict: | Suspicious |
| Threat level: | 5/10 |
| Confidence: | 100% |
| Tags: | overlay packed |
Result
| Verdict: | UNKNOWN |
|---|---|
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
| Verdict: | Suspicious |
|---|---|
| Threat name: | Win32.Backdoor.Quakbot |
| Status: | Malicious |
| First seen: | 2021-12-03 18:30:25 UTC |
| File Type: | PE (Dll) |
| Extracted files: | 5 |
| AV detection: | 22 of 28 (78.57%) |
| Threat level: | 5/5 |
| Verdict: | malicious |
| Label(s): | qakbot |
| Similar samples: | + 402 additional samples on MalwareBazaar |
Result
| Malware family: | qakbot |
|---|---|
| Score: | 10/10 |
| Tags: | family:qakbot botnet:tr campaign:1638522901 banker evasion stealer trojan |
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Loads dropped DLL
Qakbot/Qbot
Windows security bypass
Malware Config
C2 Extraction:
Unpacked files
| SHA256 hash: | 60601a36d15c4ca21abfc6b78baec72f46078a1eb53f29d5228a908770e73f43 |
|---|---|
| MD5 hash: | 01bc21a273dfbc7a1992fbeae779c01e |
| SHA1 hash: | f74b278c87f2d5d195157a1c1f61982c9dd331b7 |

| SHA256 hash: | 10dc426ff5e7068891ee832a07f62ee7ca16b3f69972527cd9c743e3f37ae230 |
|---|---|
| MD5 hash: | 95820d2c2b6fd92a3d41becb364fb5d7 |
| SHA1 hash: | aaa9ac0cf9b2d53f10b8d31cb3c4ab0632331aa3 |
| Verdict: | Malicious |
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Legit |
|---|---|
| Score: | 0.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Delivery method: | Web download (distributed via web download) |
|---|---|